
DNS Caching Ratio on Infoblox DNS Caching

JSingh
Techie
Posts: 11
5351     0

Hi All,

Please help me understand DNS cache sizing on Infoblox appliances. As far as I know, we size the caching appliance at 60% of the total QPS, but please help me understand: if a customer has some issue with sizing and asks about only 40% caching, with the rest used as recursive, how do we segregate this on Infoblox, as others have a facility to do this on a percentage basis?

Thanks...Jay

Re: DNS Caching Ratio on

Expert
Posts: 181
5352     0

You want to be very careful with sizing. The QPS ratings in the sales literature are for authoritative responses only. We sized our caching / forwarding layer by halving the QPS rating given and grossly undersized our environment. You have to take your traffic mix and attempt to replicate it in a lab with the appropriate latency built in to get a QPS on recursive queries. What we have found with the older 1050a and 1550a's is that the recursive QPS limit can be as little as 10% of the authoritative rating.

In our environment, with primarily recursive requests and a ~80% cache hit ratio, the 1050a's hit 95% CPU and start dropping packets at around 3,300 QPS. They are rated at 30,000 QPS in the sales literature.

I wanted to keep this updated

Expert
Posts: 181
5352     0

I wanted to keep this updated for other people looking for sizing. With further research and debugging, we now see issues at around 300 q/s on 1050A's, well before any CPU limits are hit. This is only 1% of their stated q/s rate. If you are using them as primarily recursive servers, the 1050-A's limited RAM and cache size make them very limited in their functionality.

Recursive Client Query Limit

RGibson
Techie
Posts: 2
5352     0

Jay,

Have you increased the recursive client query limit on the devices? It is found under Data Management -> DNS -> Members. Select the member you are looking into and click edit. Then look under queries on the advanced tab (make sure advanced mode is toggled on). If you have not set it, it will be unchecked and show 1000 greyed out in the box. Contrary to my expectation that if it is unchecked it would not limit, it actually does limit at 1000 concurrent recursive clients (the BIND default). So you should check the box and set the limit to where you want it. With a 1050-A you can definitely push it beyond 1000, and probably should if they are being used primarily as recursive servers. I've run it up to 3000 without noticing any issues, but your mileage may vary depending on your environment. You will also see messages in your syslog that tell you if it is overrunning the limit - there is a soft warning before it actually hits the limit and starts dropping queries. The messages look like:

Recursion client quota: used/max/soft-limit/s-over/hard-limit/h-over = 520/1000/900/65/1000/0

If you are seeing entries for h-over, meaning you've crossed the hard limit, then you definitely need to up that limit.  Hopefully that information helps out some.
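
Added example, not part of the post above or Infoblox's own tooling: a small Python scanner that picks the "Recursion client quota" messages out of syslog lines and flags soft-limit and hard-limit overruns. The field order follows the message quoted in the post; the timestamp/host prefix and the sample lines are constructed assumptions.

```python
import re

# Field order as shown in the message quoted in the post above.
FIELDS = ("used", "max", "soft_limit", "s_over", "hard_limit", "h_over")
QUOTA_RE = re.compile(
    r"Recursion client quota: used/max/soft-limit/s-over/hard-limit/h-over"
    r"\s*=\s*(\d+)/(\d+)/(\d+)/(\d+)/(\d+)/(\d+)"
)

def parse_quota(line):
    """Return the six counters as a dict, or None if the line is not a quota message."""
    m = QUOTA_RE.search(line)
    if m is None:
        return None
    return dict(zip(FIELDS, map(int, m.groups())))

def classify(q):
    """'hard' if h-over is non-zero, 'soft' if s-over is non-zero or
    usage has reached the soft limit, otherwise 'ok'."""
    if q["h_over"] > 0:
        return "hard"
    if q["s_over"] > 0 or q["used"] >= q["soft_limit"]:
        return "soft"
    return "ok"

def scan(lines):
    """Yield (status, utilisation_percent, counters) for every quota message."""
    for line in lines:
        q = parse_quota(line)
        if q is not None:
            pct = round(100 * q["used"] / q["max"], 1) if q["max"] else 0.0
            yield classify(q), pct, q

# Constructed sample lines; the timestamp/host prefix is an assumption,
# only the text after "Recursion client quota:" follows the post.
SAMPLE = [
    "Jan 10 09:00:01 ns1 named[1234]: Recursion client quota: used/max/soft-limit/s-over/hard-limit/h-over = 120/1000/900/0/1000/0",
    "Jan 10 09:05:01 ns1 named[1234]: Recursion client quota: used/max/soft-limit/s-over/hard-limit/h-over = 520/1000/900/65/1000/0",
    "Jan 10 09:06:12 ns1 named[1234]: client 192.0.2.10#5353: query: example.com IN A",
    "Jan 10 09:10:01 ns1 named[1234]: Recursion client quota: used/max/soft-limit/s-over/hard-limit/h-over = 1000/1000/900/410/1000/37",
]

if __name__ == "__main__":
    for status, pct, q in scan(SAMPLE):
        print(f"{status:4} {pct:5.1f}% used={q['used']} s-over={q['s_over']} h-over={q['h_over']}")
```

A "hard" result corresponds to the h-over case described in the post, where the limit needs to be raised; "soft" is the early warning.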

Hi all,

GMarques
Techie
Posts: 2
5352     0

Hi all,

Has anyone run tests with the PT-2200 or the TE-2220 in terms of recursive queries? How many can it take per second while maintaining good CPU values?
